1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    *
5    *
6    *
7    * The contents of this file are subject to the terms of the Liferay Enterprise
8    * Subscription License ("License"). You may not use this file except in
9    * compliance with the License. You can obtain a copy of the License by
10   * contacting Liferay, Inc. See the License for the specific language governing
11   * permissions and limitations under the License, including but not limited to
12   * distribution rights of the Software.
13   *
14   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
20   * SOFTWARE.
21   */
22  
23  package com.liferay.portal.util;
24  
25  import com.liferay.portal.CookieNotSupportedException;
26  import com.liferay.portal.kernel.log.Log;
27  import com.liferay.portal.kernel.log.LogFactoryUtil;
28  import com.liferay.portal.kernel.util.StringPool;
29  import com.liferay.portal.kernel.util.Validator;
30  import com.liferay.util.CookieUtil;
31  
32  import javax.servlet.http.Cookie;
33  import javax.servlet.http.HttpServletRequest;
34  import javax.servlet.http.HttpServletResponse;
35  
36  import org.apache.commons.codec.binary.Hex;
37  
38  /**
39   * <a href="CookieKeys.java.html"><b><i>View Source</i></b></a>
40   *
41   * @author Brian Wing Shun Chan
42   * @author Minhchau Dang
43   */
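public class CookieKeys {

    /**
     * Name of the probe cookie written by {@link #addSupportCookie} and
     * checked by {@link #validateSupportCookie}.
     */
    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    /** Cookie name. Not hex encoded by this class. */
    public static final String COMPANY_ID = "COMPANY_ID";

    /** Cookie name. Not hex encoded by this class. */
    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    /** Cookie name. Values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String ID = "ID";

    /** Cookie name looked up by {@link #hasSessionId}. */
    public static final String JSESSIONID = "jsessionid";

    /** Cookie name. Values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String LOGIN = "LOGIN";

    /**
     * Cookie name. Values are hex encoded, see {@link #isEncodedCookie}.
     *
     * NOTE(review): hex encoding is a reversible transport encoding, not
     * protection. Whatever the caller stores under this name reaches the
     * browser in recoverable form, so the value presumably has to be encrypted
     * or replaced by a random token before it is passed in. Confirm against the
     * callers.
     */
    public static final String PASSWORD = "PASSWORD";

    /** Cookie name. Not hex encoded by this class. */
    public static final String REMEMBER_ME = "REMEMBER_ME";

    /** Cookie name. Values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String SCREEN_NAME = "SCREEN_NAME";

    /** Cookie lifetime in seconds (365 days). */
    public static final int MAX_AGE = 31536000;

    /** Cookie version applied to every cookie written by this class. */
    public static final int VERSION = 0;

    /**
     * Adds the cookie to the response, setting the Secure attribute only when
     * the current request is itself secure.
     *
     * NOTE(review): <code>request.isSecure()</code> reflects the connection
     * the container sees. If TLS is terminated on a proxy in front of the
     * container, cookies written through this overload may go out without the
     * Secure attribute. Confirm the deployment.
     *
     * @param request the current request
     * @param response the response that receives the cookie
     * @param cookie the cookie to add
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie) {

        addCookie(request, response, cookie, request.isSecure());
    }

    /**
     * Adds the cookie to the response, hex encoding its value first when the
     * cookie name is one of the encoded names. Does nothing when persistent
     * cookies are disabled or the TCK URL flag is set.
     *
     * @param request the current request (not read by this overload)
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        overwritten
     * @param secure value for the cookie's Secure attribute
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie, boolean secure) {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            PropsValues.TCK_URL) {

            return;
        }

        // LEP-5175

        String name = cookie.getName();

        String originalValue = cookie.getValue();
        String encodedValue = originalValue;

        if (isEncodedCookie(name)) {

            // NOTE(review): getBytes() uses the platform default charset, and
            // getCookie decodes with the platform default as well. Nodes with
            // different defaults would disagree on non-ASCII values. Pin a
            // charset once cookies already issued are accounted for.

            encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));

            // Only the cookie name is logged. The encoded cookies (ID, LOGIN,
            // PASSWORD, SCREEN_NAME) carry identifiers and credentials, and
            // neither their plain nor their hex form belongs in a log file.

            if (_log.isDebugEnabled()) {
                _log.debug("Add encoded cookie " + name);
            }
        }

        // NOTE(review): HttpOnly is not set here. Cookie.setHttpOnly is
        // available from Servlet 3.0. Confirm the container's API level
        // before adding it.

        cookie.setSecure(secure);
        cookie.setValue(encodedValue);
        cookie.setVersion(VERSION);

        // Setting a cookie will cause the TCK to lose its ability to track
        // sessions

        response.addCookie(cookie);
    }

    /**
     * Writes the {@link #COOKIE_SUPPORT} probe cookie with path "/" and a
     * lifetime of {@link #MAX_AGE}.
     *
     * @param request the current request
     * @param response the response that receives the cookie
     */
    public static void addSupportCookie(
        HttpServletRequest request, HttpServletResponse response) {

        Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

        cookieSupportCookie.setPath(StringPool.SLASH);
        cookieSupportCookie.setMaxAge(MAX_AGE);

        addCookie(request, response, cookieSupportCookie);
    }

    /**
     * Returns the value of the named request cookie, hex decoding it when the
     * name is one of the encoded names.
     *
     * If decoding fails, the raw cookie value is returned unchanged. Callers
     * must treat the result as untrusted client input either way: a value that
     * is not valid hex comes back exactly as the browser sent it.
     *
     * @param request the current request
     * @param name the cookie name
     * @return the decoded or raw cookie value, or <code>null</code> if the
     *         lookup returned <code>null</code>
     */
    public static String getCookie(HttpServletRequest request, String name) {
        String value = CookieUtil.get(request, name);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {
            String originalValue = new String(
                Hex.decodeHex(value.toCharArray()));

            // The value is deliberately kept out of the log, see addCookie.

            if (_log.isDebugEnabled()) {
                _log.debug("Get encoded cookie " + name);
            }

            return originalValue;
        }
        catch (Exception e) {

            // Best effort: fall back to the raw value. The cookie name is
            // logged so that malformed or tampered cookies can be spotted.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to hex decode cookie " + name + ": " +
                        e.getMessage());
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain for the request: the configured session
     * cookie domain if one is set, otherwise a domain derived from the
     * request's server name.
     *
     * NOTE(review): <code>getServerName()</code> is normally taken from the
     * client supplied Host header. Where the configured domain is empty, the
     * result is client influenced. Confirm that the container or a front end
     * restricts accepted host names.
     *
     * @param request the current request
     * @return the cookie domain, or <code>null</code> if none can be derived
     */
    public static String getDomain(HttpServletRequest request) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
            return PropsValues.SESSION_COOKIE_DOMAIN;
        }

        String host = request.getServerName();

        return getDomain(host);
    }

    /**
     * Derives a cookie domain from a host name by keeping at most its last
     * three labels, with a leading period.
     *
     * Examples as computed by this method: <code>example.com</code> and
     * <code>www.example.com</code> give <code>.example.com</code>.
     * <code>a.b.example.com</code> gives <code>.b.example.com</code>. A host
     * without a period gives <code>null</code>. An IP address is returned
     * unchanged.
     *
     * NOTE(review): the method has no knowledge of public suffixes. A three
     * label host under a two label suffix, for example
     * <code>example.co.uk</code>, yields <code>.co.uk</code>. Set the session
     * cookie domain explicitly for such deployments.
     *
     * @param host the host name, may be <code>null</code>
     * @return the derived domain, or <code>null</code>
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // See LEP-5595.

        if (Validator.isIPAddress(host)) {
            return host;
        }

        int lastPeriod = host.lastIndexOf(StringPool.PERIOD);

        if (lastPeriod <= 0) {
            return null;
        }

        int secondPeriod = host.lastIndexOf(StringPool.PERIOD, lastPeriod - 1);

        if (secondPeriod <= 0) {
            return StringPool.PERIOD + host;
        }

        int thirdPeriod = host.lastIndexOf(
            StringPool.PERIOD, secondPeriod - 1);

        if (thirdPeriod <= 0) {
            return host.substring(secondPeriod);
        }

        return host.substring(thirdPeriod);
    }

    /**
     * Returns <code>true</code> if the request carries a cookie named
     * {@link #JSESSIONID}.
     *
     * @param request the current request
     * @return whether the cookie is present
     */
    public static boolean hasSessionId(HttpServletRequest request) {
        return getCookie(request, JSESSIONID) != null;
    }

    /**
     * Returns <code>true</code> if values stored under the cookie name are
     * hex encoded by this class (ID, LOGIN, PASSWORD, SCREEN_NAME).
     *
     * @param name the cookie name; <code>null</code> yields
     *        <code>false</code>
     * @return whether the cookie value is hex encoded
     */
    public static boolean isEncodedCookie(String name) {

        // Constant-first comparison keeps a null name from throwing.

        return ID.equals(name) || LOGIN.equals(name) ||
            PASSWORD.equals(name) || SCREEN_NAME.equals(name);
    }

    /**
     * Verifies that the browser returned the {@link #COOKIE_SUPPORT} probe
     * cookie. The check only runs when both persistent cookies and the cookie
     * support test are enabled.
     *
     * @param request the current request
     * @throws CookieNotSupportedException if the probe cookie is missing or
     *         empty
     */
    public static void validateSupportCookie(HttpServletRequest request)
        throws CookieNotSupportedException {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            !PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

            return;
        }

        String cookieSupport = getCookie(request, COOKIE_SUPPORT);

        if (Validator.isNull(cookieSupport)) {
            throw new CookieNotSupportedException();
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}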